package org.smartloli.kafka.eagle.web.config;

import org.apache.shiro.authc.credential.AllowAllCredentialsMatcher;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.session.mgt.eis.MemorySessionDAO;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.smartloli.kafka.eagle.web.sso.filter.SSOFilter;
import org.smartloli.kafka.eagle.web.sso.filter.SSORealm;
import org.smartloli.kafka.eagle.web.sso.pojo.SSOAuthenticationToken;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.servlet.Filter;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * @author zbc
 * @date 2022/11/16
 */
@Configuration
public class ShiroConfig {

    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        factoryBean.setSecurityManager(securityManager);
        factoryBean.setSuccessUrl("/");

        Map<String, Filter> filters = new HashMap<>();
        filters.put("authc", new SSOFilter());
        factoryBean.setFilters(filters);

        Map<String, String> filterChainDefinitions = new LinkedHashMap<>();
        filterChainDefinitions.put("/account/signin", "anon");
        filterChainDefinitions.put("/account/signout", "anon");
        filterChainDefinitions.put("/media/**", "anon");
        filterChainDefinitions.put("/**", "authc");
        factoryBean.setFilterChainDefinitionMap(filterChainDefinitions);

        return factoryBean;
    }


    @Bean
    public DefaultWebSecurityManager securityManager(SSORealm ssoRealm, EhCacheManager ehCacheManager, DefaultWebSessionManager sessionManager) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(ssoRealm);
        manager.setCacheManager(ehCacheManager);
        manager.setSessionManager(sessionManager);
        return manager;
    }

    @Bean
    public SSORealm ssoRealm() {
        SSORealm ssoRealm = new SSORealm();
        ssoRealm.setCredentialsMatcher(new AllowAllCredentialsMatcher());
        ssoRealm.setAuthenticationTokenClass(SSOAuthenticationToken.class);
        return ssoRealm;
    }

    @Bean
    public EhCacheManager ehCacheManager() {
        EhCacheManager ehCacheManager = new EhCacheManager();
        ehCacheManager.setCacheManagerConfigFile("classpath:shiro-ehcache.xml");
        return ehCacheManager;
    }

    @Bean
    public DefaultWebSessionManager sessionManager(SimpleCookie sessionIdCookie) {
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
        sessionManager.setSessionIdCookieEnabled(true);
        sessionManager.setSessionIdCookie(sessionIdCookie);
        sessionManager.setGlobalSessionTimeout(43200000);
        sessionManager.setDeleteInvalidSessions(true);
        sessionManager.setSessionDAO(new MemorySessionDAO());
        return sessionManager;
    }

    @Bean
    public SimpleCookie sessionIdCookie() {
        SimpleCookie sessionIdCookie = new SimpleCookie("MFSHIROSID");
        sessionIdCookie.setHttpOnly(true);
        sessionIdCookie.setMaxAge(180000);
        return sessionIdCookie;
    }

}